Websecurify 0.8

Websecurify is a free, easy-to-use web application testing tool that will scan your website and report on possible security vulnerabilities.

Most similar tools tend to be complicated, incredibly expensive, or both, so you might have to spend an age mastering complex command line tools before you can do anything at all. But Websecurify is different. To launch a scan, all you have to do is click "Start a new automated test", enter the site domain in the Target box, and click OK. That's it.

The program will then go to work, mapping the entire site and looking for many common security issues: SQL injection vulnerabilities, cross-site scripting and cross-site request forgery issues, information disclosure problems, session security issues, and many others (including all categories in the OWASP Top 10).

When it's finished (which can take a very long time, so you might have to be patient), one more click opens the program's report. You can then browse it to see what's been uncovered, or export it in CSV, HTML, JSON or XML formats.

We're not entirely sure how thorough Websecurify really is; trying it on a couple of test sites didn't reveal too much of interest. It's hard to complain about something that's free and so easy to use, though, and if the program uncovers a single issue you hadn't spotted previously then it's surely done its job. So download a copy, give it a try, and see what it reveals about your site's configuration.

Verdict

Websecurify doesn't detect as many vulnerabilities as we'd like. It's free and very easy to use, though, so if you're intimidated by other vulnerability scanners then this may be a good place to start.